Limit Login Attempts Reloaded

Version Description

The site connection settings are now applied automatically and therefore have been removed from the admin interface.
Now compatible with PHP 5.2 to support some older WP installations.

Release Info

Developer	wpchefgadget
Plugin	Limit Login Attempts Reloaded
Version	2.1.0
Comparing to
See all releases

Code changes from version 2.0.0 to 2.1.0

Files changed (7) hide show

core/Helpers.php +2 -5
core/LimitLoginAttempts.php +27 -49
core/Logger.php +3 -5
core/autoload.php +0 -21
limit-login-attempts-reloaded.php +9 -5
readme.txt +6 -2
views/options-page.php +10 -38

core/Helpers.php CHANGED Viewed

	@@ -1,12 +1,9 @@
1	<?php
2
3	- namespace LLA\Core;
4	-
5	/**
6	- * Class ~~Helpers~~
7	- * @package LLA\Core
8	*/
9	- class ~~Helpers~~ {
10
11	/**
12	* @param string $msg


1	<?php
2


3	/**
4	+ * Class LLA_Helpers

5	*/
6	+ class LLA_Helpers {
7
8	/**
9	* @param string $msg

core/LimitLoginAttempts.php CHANGED Viewed

	@@ -1,12 +1,9 @@
1	<?php
2
3	- namespace LLA\Core;
4	-
5	/**
6	- * Class ~~LimitLoginAttempts~~
7	- * @package LLA\Core
8	*/
9	- class ~~LimitLoginAttempts~~ {
10
11	/**
12	* Main plugin options
	@@ -596,9 +593,9 @@ class LimitLoginAttempts {
596	*
597	* @param $user
598	*/
599	- public function notify_log( $~~user~~ ) {
600
601	- if( ! $~~user~~ ) {
602	return;
603	}
604
	@@ -610,20 +607,30 @@ class LimitLoginAttempts {
610
611	/* can be written much simpler, if you do not mind php warnings */
612	if( isset( $log[ $ip ] ) ) {
613	- if( isset( $log[ $ip ][ $~~user~~ ] ) ) {
614	- ~~$log[ $ip ][ $user ]['counter'] += 1;~~








615	} else {
616	- $log[ $ip ][ $~~user~~ ]~~['counter']~~ = 1;


617	}
618	} else {
619	$log[ $ip ] = array(
620	- $~~user~~ => array(
621	'counter' => 1
622	)
623	);
624	}
625
626	- $log[ $ip ][ $~~user~~ ]['date'] = time();
627
628	if( $option === false ) {
629	add_option( 'limit_login_logged', $log, '', 'no' ); /* no autoload */
	@@ -632,15 +639,6 @@ class LimitLoginAttempts {
632	}
633	}
634
635	- /**
636	- * Make a guess if we are behind a proxy or not
637	- *
638	- * @return string
639	- */
640	- public function guess_proxy() {
641	- return isset( $_SERVER[ LLA_PROXY_ADDR ] ) ? LLA_PROXY_ADDR : LLA_DIRECT_ADDR;
642	- }
643	-
644	/**
645	* Check if IP is whitelisted.
646	*
	@@ -683,7 +681,7 @@ class LimitLoginAttempts {
683	global $limit_login_my_error_shown;
684	$limit_login_my_error_shown = true;
685
686	- $error = new \WP_Error();
687	// This error should be the same as in "shake it" filter below
688	$error->add( 'too_many_retries', $this->error_msg() );
689
	@@ -899,34 +897,14 @@ class LimitLoginAttempts {
899	* @return string
900	*/
901	public function get_address( $type_name = '' ) {
902	- $type = $type_name;
903	- if( empty( $type ) ) {
904	- $type = $this->get_option( 'client_type' );
905	- }
906
907	- if( isset( $_SERVER[ $~~type~~ ] ) ) {
908	- return $_SERVER[ ~~$type~~ ];
909	- }
910	-
911	- /*
912	- * ~~Not found. Did we get proxy type from option?~~
913	- * If so, try to fall back to direct address.
914	- */
915	- if( empty( $type_name ) && $type == LLA_PROXY_ADDR && isset( $_SERVER[ LLA_DIRECT_ADDR ] ) ) {
916	-
917	- /*
918	- * NOTE: Even though we fall back to direct address -- meaning you
919	- * can get a mostly working plugin when set to PROXY mode while in
920	- * fact directly connected to Internet it is not safe!
921	- *
922	- * Client can itself send HTTP_X_FORWARDED_FOR header fooling us
923	- * regarding which IP should be banned.
924	- */
925	-
926	- return $_SERVER[ LLA_DIRECT_ADDR ];
927	}
928	-
929	- return '';
930	}
931
932	/**
	@@ -989,7 +967,7 @@ class LimitLoginAttempts {
989	* @param $msg
990	*/
991	public function show_error( $msg ) {
992	- ~~Helpers~~::show_error( $msg );
993	}
994
995	}


1	<?php
2


3	/**
4	+ * Class Limit_Login_Attempts

5	*/
6	+ class Limit_Login_Attempts {
7
8	/**
9	* Main plugin options

593	*
594	* @param $user
595	*/
596	+ public function notify_log( $user_login ) {
597
598	+ if( ! $user_login ) {
599	return;
600	}
601

607
608	/* can be written much simpler, if you do not mind php warnings */
609	if( isset( $log[ $ip ] ) ) {
610	+ if( isset( $log[ $ip ][ $user_login ] ) ) {
611	+
612	+ if( is_array( $log[ $ip ][ $user_login ] ) ) { // For new plugin version
613	+ $log[ $ip ][ $user_login ]['counter'] += 1;
614	+ } else { // For old plugin version
615	+ $temp_counter = $log[ $ip ][ $user_login ];
616	+ $log[ $ip ][ $user_login ] = array(
617	+ 'counter' => $temp_counter + 1
618	+ );
619	+ }
620	} else {
621	+ $log[ $ip ][ $user_login ] = array(
622	+ 'counter' => 1
623	+ );
624	}
625	} else {
626	$log[ $ip ] = array(
627	+ $user_login => array(
628	'counter' => 1
629	)
630	);
631	}
632
633	+ $log[ $ip ][ $user_login ]['date'] = time();
634
635	if( $option === false ) {
636	add_option( 'limit_login_logged', $log, '', 'no' ); /* no autoload */

639	}
640	}
641









642	/**
643	* Check if IP is whitelisted.
644	*

681	global $limit_login_my_error_shown;
682	$limit_login_my_error_shown = true;
683
684	+ $error = new WP_Error();
685	// This error should be the same as in "shake it" filter below
686	$error->add( 'too_many_retries', $this->error_msg() );
687

897	* @return string
898	*/
899	public function get_address( $type_name = '' ) {




900
901	+ if( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
902	+ return $_SERVER['HTTP_X_FORWARDED_FOR'];
903	+ } elseif( isset( $_SERVER['REMOTE_ADDR'] ) ) {
904	+ return $_SERVER['REMOTE_ADDR'];
905	+ } else {
906	+ return '';














907	}


908	}
909
910	/**

967	* @param $msg
968	*/
969	public function show_error( $msg ) {
970	+ LLA_Helpers::show_error( $msg );
971	}
972
973	}

core/Logger.php CHANGED Viewed

	@@ -1,18 +1,16 @@
1	<?php
2
3	- namespace LLA\Core;
4	-
5	/**
6	- * Class ~~Logger~~
7	- * @package LLA\Core
8	*/
9	- class ~~Logger~~ {
10
11	private static $_log_file_name = 'log.txt';
12
13	/**
14	* TODO
15	* @param $msg

16	*/
17	public static function add_log( $msg ) {
18	if( ! $msg ) {


1	<?php
2


3	/**
4	+ * Class LLA_Logger

5	*/
6	+ class LLA_Logger {
7
8	private static $_log_file_name = 'log.txt';
9
10	/**
11	* TODO
12	* @param $msg
13	+ * @return int\|void
14	*/
15	public static function add_log( $msg ) {
16	if( ! $msg ) {

core/autoload.php DELETED Viewed

@@ -1,21 +0,0 @@
-            -
            <?php
-            -
-            -
            namespace LLA;
-            -
-            -
            spl_autoload_register( function ( $class ) {
-            -
-            -
                if( substr( $class, 0, 3 ) !== __NAMESPACE__ ) {
-            -
                    return;
-            -
                }
-            -
-            -
                $class = str_replace( __NAMESPACE__ . '\\', '', $class );
-            -
                $class = str_replace( '\\', DIRECTORY_SEPARATOR, $class );
-            -
                $class_path = strtolower( substr( $class, 0, strrpos( $class, DIRECTORY_SEPARATOR ) ) );
-            -
                $class_name = substr( $class, strrpos( $class, DIRECTORY_SEPARATOR ) + 1 );
-            -
                $class_file = LLA_PLUGIN_DIR . $class_path . DIRECTORY_SEPARATOR . $class_name . '.php';
-            -
-            -
                if( file_exists( $class_file ) ) {
-            -
                    include( $class_file );
-            -
                }
-            -
-            -
            } );

limit-login-attempts-reloaded.php CHANGED Viewed

	@@ -2,9 +2,9 @@
2	/*
3	Plugin Name: Limit Login Attempts Reloaded
4	Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
5	- Author: ~~WPChef~~
6	Text Domain: limit-login-attempts-reloaded
7	- Version: 2.0.0
8
9	Copyright 2008 - 2012 Johan Eenfeldt
10
	@@ -30,7 +30,11 @@ $limit_login_my_error_shown = false; /* have we shown our stuff? */
30	$limit_login_just_lockedout = false; /* started this pageload??? */
31	$limit_login_nonempty_credentials = false; /* user and pwd nonempty */
32
33	- ~~require_once( LLA_PLUGIN_DIR . '/core/autoload.php' );~~
34	-
35	- ( ~~new \LLA\Core\LimitLoginAttempts() );~~



36


2	/*
3	Plugin Name: Limit Login Attempts Reloaded
4	Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
5	+ Author: wpchefgadget
6	Text Domain: limit-login-attempts-reloaded
7	+ Version: 2.1.0
8
9	Copyright 2008 - 2012 Johan Eenfeldt
10

30	$limit_login_just_lockedout = false; /* started this pageload??? */
31	$limit_login_nonempty_credentials = false; /* user and pwd nonempty */
32
33	+ /***************************************************************************************
34	+ * Include files
35	+ **************************************************************************************/
36	+ require_once( LLA_PLUGIN_DIR . '/core/Helpers.php' );
37	+ require_once( LLA_PLUGIN_DIR . '/core/Logger.php' );
38	+ require_once( LLA_PLUGIN_DIR . '/core/LimitLoginAttempts.php' );
39
40	+ $limit_login_attempts_obj = new Limit_Login_Attempts();

readme.txt CHANGED Viewed

	@@ -2,8 +2,8 @@
2	Contributors: wpchefgadget
3	Tags: login, security, authentication, Limit Login Attempts, Limit Login Attempts Reloaded, Limit Login Attempts Revamped, Limit Login Attempts Renovated, Limit Login Attempts Updated, Better Limit Login Attempts, Limit Login Attempts Renewed, Limit Login Attempts Upgraded
4	Requires at least: 2.8
5	- Tested up to: 4.~~5.3~~
6	- Stable tag: 2.0.0
7
8	Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers.
9
	@@ -46,6 +46,10 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
46
47	== Changelog ==
48




49	= 2.0.0 =
50	* fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
51	* fixed the deprecated functions issue


2	Contributors: wpchefgadget
3	Tags: login, security, authentication, Limit Login Attempts, Limit Login Attempts Reloaded, Limit Login Attempts Revamped, Limit Login Attempts Renovated, Limit Login Attempts Updated, Better Limit Login Attempts, Limit Login Attempts Renewed, Limit Login Attempts Upgraded
4	Requires at least: 2.8
5	+ Tested up to: 4.6
6	+ Stable tag: 2.1.0
7
8	Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers.
9

46
47	== Changelog ==
48
49	+ = 2.1.0 =
50	+ * The site connection settings are now applied automatically and therefore have been removed from the admin interface.
51	+ * Now compatible with PHP 5.2 to support some older WP installations.
52	+
53	= 2.0.0 =
54	* fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
55	* fixed the deprecated functions issue

views/options-page.php CHANGED Viewed

	@@ -4,7 +4,7 @@ if( !defined( 'ABSPATH' ) )
4	exit();
5
6	/**
7	- * @var $this ~~\LLA\Core\LimitLoginAttempts~~
8	*/
9
10	if( !current_user_can( 'manage_options' ) ) {
	@@ -68,26 +68,6 @@ $lockouts_now = is_array( $lockouts ) ? count( $lockouts ) : 0;
68	$cookies_yes = $this->get_option( 'cookies' ) ? ' checked ' : '';
69	$cookies_no = $this->get_option( 'cookies' ) ? '' : ' checked ';
70
71	- $client_type = $this->get_option( 'client_type' );
72	- $client_type_direct = $client_type == LLA_DIRECT_ADDR ? ' checked ' : '';
73	- $client_type_proxy = $client_type == LLA_PROXY_ADDR ? ' checked ' : '';
74	-
75	- $client_type_guess = $this->guess_proxy();
76	-
77	- if( $client_type_guess == LLA_DIRECT_ADDR ) {
78	- $client_type_message = sprintf( __( 'It appears the site is reached directly (from your IP: %s)', 'limit-login-attempts-reloaded' ), $this->get_address( LLA_DIRECT_ADDR ) );
79	- } else {
80	- $client_type_message = sprintf( __( 'It appears the site is reached through a proxy server (proxy IP: %s, your IP: %s)', 'limit-login-attempts-reloaded' ), $this->get_address( LLA_DIRECT_ADDR ), $this->get_address( LLA_PROXY_ADDR ) );
81	- }
82	- $client_type_message .= '<br />';
83	-
84	- $client_type_warning = '';
85	- if( $client_type != $client_type_guess ) {
86	- $faq = 'https://wordpress.org/extend/plugins/limit-login-attempts-reloaded/faq/';
87	-
88	- $client_type_warning = '<br /><br />' . sprintf( __( '<strong>Current setting appears to be invalid</strong>. Please make sure it is correct. Further information can be found <a href="%s" title="FAQ">here</a>', 'limit-login-attempts-reloaded' ), $faq );
89	- }
90	-
91	$v = explode( ',', $this->get_option( 'lockout_notify' ) );
92	$log_checked = in_array( 'log', $v ) ? ' checked ' : '';
93	$email_checked = in_array( 'email', $v ) ? ' checked ' : '';
	@@ -151,23 +131,6 @@ $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
151	name="valid_duration"/> <?php echo __( 'hours until retries are reset', 'limit-login-attempts-reloaded' ); ?>
152	</td>
153	</tr>
154	- <tr>
155	- <th scope="row" valign="top"><?php echo __( 'Site connection', 'limit-login-attempts-reloaded' ); ?></th>
156	- <td>
157	- <?php echo $client_type_message; ?>
158	- <label>
159	- <input type="radio" name="client_type"
160	- <?php echo $client_type_direct; ?> value="<?php echo LLA_DIRECT_ADDR; ?>"/>
161	- <?php echo __( 'Direct connection', 'limit-login-attempts-reloaded' ); ?>
162	- </label>
163	- <label>
164	- <input type="radio" name="client_type"
165	- <?php echo $client_type_proxy; ?> value="<?php echo LLA_PROXY_ADDR; ?>"/>
166	- <?php echo __( 'From behind a reversy proxy', 'limit-login-attempts-reloaded' ); ?>
167	- </label>
168	- <?php echo $client_type_warning; ?>
169	- </td>
170	- </tr>
171	<tr>
172	<th scope="row"
173	valign="top"><?php echo __( 'Handle cookie login', 'limit-login-attempts-reloaded' ); ?></th>
	@@ -199,6 +162,7 @@ $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
199	</form>
200	<?php
201	$log = get_option( 'limit_login_logged' );

202	if( is_array( $log ) && ! empty( $log ) ) { ?>
203	<h3><?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?></h3>
204	<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
	@@ -221,9 +185,17 @@ $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
221	<?php foreach ( $log as $ip => $users ) : ?>
222	<?php foreach ( $users as $user_name => $info ) : ?>
223	<tr>



224	<td class="limit-login-date"><?php echo date_i18n( 'F d, Y H:i', $info['date'] ); ?></td>
225	<td class="limit-login-ip"><?php echo $ip; ?></td>
226	<td class="limit-login-max"><?php echo $user_name . ' (' . $info['counter'] .' lockouts)'; ?></td>





227	</tr>
228	<?php endforeach; ?>
229	<?php endforeach; ?>


4	exit();
5
6	/**
7	+ * @var $this Limit_Login_Attempts
8	*/
9
10	if( !current_user_can( 'manage_options' ) ) {

68	$cookies_yes = $this->get_option( 'cookies' ) ? ' checked ' : '';
69	$cookies_no = $this->get_option( 'cookies' ) ? '' : ' checked ';
70




















71	$v = explode( ',', $this->get_option( 'lockout_notify' ) );
72	$log_checked = in_array( 'log', $v ) ? ' checked ' : '';
73	$email_checked = in_array( 'email', $v ) ? ' checked ' : '';

131	name="valid_duration"/> <?php echo __( 'hours until retries are reset', 'limit-login-attempts-reloaded' ); ?>
132	</td>
133	</tr>

















134	<tr>
135	<th scope="row"
136	valign="top"><?php echo __( 'Handle cookie login', 'limit-login-attempts-reloaded' ); ?></th>

162	</form>
163	<?php
164	$log = get_option( 'limit_login_logged' );
165	+ //echo '<pre>';print_r($log);exit();
166	if( is_array( $log ) && ! empty( $log ) ) { ?>
167	<h3><?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?></h3>
168	<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">

185	<?php foreach ( $log as $ip => $users ) : ?>
186	<?php foreach ( $users as $user_name => $info ) : ?>
187	<tr>
188	+ <?php
189	+ // For new plugin version
190	+ if( is_array( $info ) ) : ?>
191	<td class="limit-login-date"><?php echo date_i18n( 'F d, Y H:i', $info['date'] ); ?></td>
192	<td class="limit-login-ip"><?php echo $ip; ?></td>
193	<td class="limit-login-max"><?php echo $user_name . ' (' . $info['counter'] .' lockouts)'; ?></td>
194	+ <?php else : // For old plugin version ?>
195	+ <td class="limit-login-date"></td>
196	+ <td class="limit-login-ip"><?php echo $ip; ?></td>
197	+ <td class="limit-login-max"><?php echo $user_name . ' (' . $info .' lockouts)'; ?></td>
198	+ <?php endif; ?>
199	</tr>
200	<?php endforeach; ?>
201	<?php endforeach; ?>

Limit Login Attempts Reloaded - Version 2.1.0

Version Description

Release Info

Code changes from version 2.0.0 to 2.1.0